<?php
/**
 * wechat php test
 */
// define your token
define("TOKEN", "wechat");                  // 这里面填写的token就是与微信测试号填写的token，保持一致即可
$wechatObj = new wechatCallbackapiTest();
$wechatObj->valid();
// $wechatObj->responseMsg();
class wechatCallbackapiTest{

    public function valid()
    {
        $echoStr = $_GET["echostr"];
        if($this->checkSignature()){
            echo $echoStr;
            exit;
        }
    }

    public function responseMsg()
    {
        //get post data, May be due to the different environments
        $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
        //extract post data
        if (!empty($postStr)){
            /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
               the best way is to check the validity of xml by yourself */
            libxml_disable_entity_loader(true);
            $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
            $fromUsername = $postObj->FromUserName;
            $toUsername = $postObj->ToUserName;
            $keyword = trim($postObj->Content);
            $time = time();
            $textTpl = "<xml>                            
                         <ToUserName><![CDATA[%s]]></ToUserName>                            
                         <FromUserName><![CDATA[%s]]></FromUserName>                            
                         <CreateTime>%s</CreateTime>                            
                         <MsgType><![CDATA[%s]]></MsgType>                            
                         <Content><![CDATA[%s]]></Content>                            
                         <FuncFlag>0</FuncFlag>                            
                         </xml>";
            if(!empty( $keyword )){
                $msgType = "text";
                $contentStr = "Welcome to wechat world!";
                $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                echo $resultStr;
            }else{
                echo "Input something...";
            }
        }else {
            echo "";
            exit;
        }
    }

    private function checkSignature()
    {
        // you must define TOKEN by yourself
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];

        $token = TOKEN;
        $tmpArr = array($token, $timestamp, $nonce);
        // use SORT_STRING rule
        sort($tmpArr, SORT_STRING);
        $tmpStr = implode( $tmpArr );
        $tmpStr = sha1( $tmpStr );
        if ($tmpStr == $signature){
            return true;
        }else{
            return false;
        }
    }
}